Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 07:09 PM, Mark Weaver wrote:

On 03/08/2017 06:42 PM, Paul Heinlein wrote:
> On Wed, 8 Mar 2017, Mark Weaver wrote:
>
> > On 03/08/2017 11:00 AM, Paul Heinlein wrote:
> >> On Wed, 8 Mar 2017, Mark Weaver wrote:
> >>
> >> > Hello all,
> >> >
> >> > I've been googling my brains out since yesterday looking for
> >> > up-to-date information on this matter, and have found
> >> > information that is anywhere from 15 to 5 years old. I'd really
> >> > like some information that much more up to date on the subject.
> >> > Specifically configuring Sendmail SMTP authentication (_no smart
> >> > host stuff_).
> >>
> >> I wrote this article years ago:
> >>
> >> https://www.madboa.com/geek/sendmail-auth/
> >>
> >> The configuration outlined there is essentially unchanged today. I
> >> have it running on a CentOS 7 machine with sendmail 8.14.
> >>
> >> The only real change is the SOCKETDIR setting in
> >> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
> >> /var/run/saslauthd). And, of course, I use systemctl rather
> >> thachkconfig to control boot-time behavior.
> >
> > Hi Paul,
> >
> > I followed your guide to the letter, however I think it seems I
> > missed something. When I test with telnet to port 25 this is the
> > result:
> >
> >> telnet merlin 25
> > Trying 10.10.3.6...
> > Connected to merlin.ciss.local.
> > Escape character is '^]'.
> > 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017
> 16:53:31 -0500
> > ehlo merlin
> > 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-8BITMIME
> > 250-SIZE
> > 250-DSN
> > 250-ETRN
> > 250-DELIVERBY
> > 250 HELP
> >> auth login
> > 504 5.3.3 AUTH mechanism login not available
> >
> > thoughts?
>
> Many. :-)
>
> Check your mail log for clues.
>
> Ensure you have a valid SSL certificate and key. Sendmail is touchy
> about permissions on the key file. Try googling for
> confDONT_BLAME_SENDMAIL and GroupReadableKeyFile.
>
> Make sure saslauthd is configured and running.
>
> Compile your .mc (m4) file with the macros distributed with the
> version of sendmail you're actually running. This line suggests you're
> not:
>
> mdw1982.com ESMTP Sendmail 8.14.7/8.13.8
>
> That's a first stab at things to try.
>
I fixed the version mis-match by installing sendmail-cf package and
recompiling sendmail.mc. saslauthd is running and conigured according to
your specs. So, I'm not sure what's missing.
Still googling around and found some things that appear to be missing 
from the sendmail config, but when I test saslauthd it doesn't appear to 
be working.


testsaslauthd -u username -p mypassword
0: NO "authentication failed"



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread isdtor 
Did I see an implicit "do as Red Hat says or else" there somewhere? Not 
appropriate. Linux is not Windows (yet). In the heat of the moment it may 
easily be forgotton that Linux is all about choice. We choose to run CentOS, 
and we choose to run it the way we see fit. We appreciate the efforts that go 
into the *Community* *Enterprise* OS, and if you have dealt with buggy crap 
like Ubuntu or Fedora, you appreciate it even more. This does not imply 
deference to upstream.

That statement about "effectively [running] your own Linux distribution" is 
scaremongering, at best. If there's one thing I've learned on this list, it's 
realizing how many use cases, scenarios and solutions there are that can make 
approaching the topic at hand without prejudice challenging at times.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] another SMTP auth question

2017-03-08 Thread Fred Smith 
My ISP has just informed me that we will soon be required to authenticate
when connecting to their smtp server, so I've been looking around on the
web for how to do that with sendmail (just using auth when connecting
outward-bound, nothing else).

I've found a page here: http://www.sendmail.org/~ca/email/auth.html
that explains it simply (for simple minds, like mine) but it appears
to be old-ish.

So, I'm wondering if the recommendation of using:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN 
PLAIN')dnl

is still appropriate, since MD5 is known to be breakable. Are there other hash
mechanisms that can be used in SMTP for this purpose?

Also, if someone can help me understand the syntax, I'd appreciate it:
does EXTERNAL mean some external tool not specified here? if so, how
is it specified? what such tools would be appropriate?

is there something more robust, e.g., sha256 or similar that should
be used here instead?

is GSSAPI internal, or does the external mean EXTERNAL GSSAPI?

Thanks in advance for any tips.

Fred
-- 
---
Under no circumstances will I ever purchase anything offered to me as
the result of an unsolicited e-mail message. Nor will I forward chain
letters, petitions, mass mailings, or virus warnings to large numbers
of others. This is my contribution to the survival of the online
community.
 --Roger Ebert, December, 1996
- The Boulder Pledge -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 06:42 PM, Paul Heinlein wrote:

On Wed, 8 Mar 2017, Mark Weaver wrote:

> On 03/08/2017 11:00 AM, Paul Heinlein wrote:
>> On Wed, 8 Mar 2017, Mark Weaver wrote:
>>
>> > Hello all,
>> >
>> > I've been googling my brains out since yesterday looking for
>> > up-to-date information on this matter, and have found
>> > information that is anywhere from 15 to 5 years old. I'd really
>> > like some information that much more up to date on the subject.
>> > Specifically configuring Sendmail SMTP authentication (_no smart
>> > host stuff_).
>>
>> I wrote this article years ago:
>>
>> https://www.madboa.com/geek/sendmail-auth/
>>
>> The configuration outlined there is essentially unchanged today. I
>> have it running on a CentOS 7 machine with sendmail 8.14.
>>
>> The only real change is the SOCKETDIR setting in
>> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
>> /var/run/saslauthd). And, of course, I use systemctl rather
>> thachkconfig to control boot-time behavior.
>
> Hi Paul,
>
> I followed your guide to the letter, however I think it seems I
> missed something. When I test with telnet to port 25 this is the
> result:
>
>> telnet merlin 25
> Trying 10.10.3.6...
> Connected to merlin.ciss.local.
> Escape character is '^]'.
> 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 
16:53:31 -0500

> ehlo merlin
> 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-DELIVERBY
> 250 HELP
>> auth login
> 504 5.3.3 AUTH mechanism login not available
>
> thoughts?

Many. :-)

Check your mail log for clues.

Ensure you have a valid SSL certificate and key. Sendmail is touchy
about permissions on the key file. Try googling for
confDONT_BLAME_SENDMAIL and GroupReadableKeyFile.

Make sure saslauthd is configured and running.

Compile your .mc (m4) file with the macros distributed with the
version of sendmail you're actually running. This line suggests you're
not:

mdw1982.com ESMTP Sendmail 8.14.7/8.13.8

That's a first stab at things to try.

I fixed the version mis-match by installing sendmail-cf package and 
recompiling sendmail.mc. saslauthd is running and conigured according to 
your specs. So, I'm not sure what's missing.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Paul Heinlein 

On Wed, 8 Mar 2017, Mark Weaver wrote:


On 03/08/2017 11:00 AM, Paul Heinlein wrote:

 On Wed, 8 Mar 2017, Mark Weaver wrote:

>  Hello all,
>
>  I've been googling my brains out since yesterday looking for 
>  up-to-date information on this matter, and have found 
>  information that is anywhere from 15 to 5 years old. I'd really 
>  like some information that much more up to date on the subject. 
>  Specifically configuring Sendmail SMTP authentication (_no smart 
>  host stuff_).


 I wrote this article years ago:

 https://www.madboa.com/geek/sendmail-auth/

 The configuration outlined there is essentially unchanged today. I
 have it running on a CentOS 7 machine with sendmail 8.14.

 The only real change is the SOCKETDIR setting in
 /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
 /var/run/saslauthd). And, of course, I use systemctl rather
 thachkconfig to control boot-time behavior.


Hi Paul,

I followed your guide to the letter, however I think it seems I 
missed something. When I test with telnet to port 25 this is the 
result:



 telnet merlin 25

Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP

 auth login

504 5.3.3 AUTH mechanism login not available

thoughts?


Many. :-)

Check your mail log for clues.

Ensure you have a valid SSL certificate and key. Sendmail is touchy 
about permissions on the key file. Try googling for 
confDONT_BLAME_SENDMAIL and GroupReadableKeyFile.


Make sure saslauthd is configured and running.

Compile your .mc (m4) file with the macros distributed with the 
version of sendmail you're actually running. This line suggests you're 
not:


mdw1982.com ESMTP Sendmail 8.14.7/8.13.8

That's a first stab at things to try.

--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 06:21 PM, Alexander Dalloz wrote:

Am 08.03.2017 um 22:57 schrieb Mark Weaver:
> On 03/08/2017 11:00 AM, Paul Heinlein wrote:
>> On Wed, 8 Mar 2017, Mark Weaver wrote:

>> I wrote this article years ago:
>>
>> https://www.madboa.com/geek/sendmail-auth/

> Hi Paul,
>
> I followed your guide to the letter, however I think it seems I missed
> something. When I test with telnet to port 25 this is the result:
>
>> telnet merlin 25
> Trying 10.10.3.6...
> Connected to merlin.ciss.local.
> Escape character is '^]'.
> 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31

That makes your mistake obvious: the .cf version is 8.13.8 - it does not
match the Sendmail version 8.14.7. So you did not build the sendmail.cf
from the modified sendmail.mc.

Make sure you have run "yum install sendmail-cf" so that "cd /etc/mail;
make" can do what it should do.

> -0500
> ehlo merlin
> 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-DELIVERBY
> 250 HELP
>> auth login
> 504 5.3.3 AUTH mechanism login not available
>
> thoughts?

Alexander

And now?

> telnet merlin 25
Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.14.7; Wed, 8 Mar 2017 18:39:51 -0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
> auth login
504 5.3.3 AUTH mechanism login not available
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Firefox for CentOS

2017-03-08 Thread Yamaban 

On Wed, 8 Mar 2017 16:56, Johnny Hughes  wrote:

On 03/08/2017 09:39 AM, Phelps, Matthew wrote:

On Wed, Mar 8, 2017 at 10:25 AM, Johnny Hughes  wrote:

On 03/08/2017 09:10 AM, m.r...@5-cent.us wrote:

Johnny Hughes wrote:

I am currently building the latest Firefox updates and I have noticed
that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
at the ESR level (45.8.0-2).

EL7:
https://rhn.redhat.com/errata/RHSA-2017-0461.html

EL5 and EL6:
https://rhn.redhat.com/errata/RHSA-2017-0459.html

As stated above, I am currently building and testing these, so they are
not yet released .. just preparing people for the changes.


Does anyone know if ESR 52.x will eventually be released for CentOS 6?


I am sure it will, certainly when version 45 goes EOL.

The variables and content to build it on EL6 are in the current EL7
SRPM, but the EL5 stuff is (understandably, since it is going EOL soon)
missing.

What I am not sure of is if EL7 will stay on the Current Release for the
next update or if it will shift back to ESR.


Eh?? There is a slight misunderstanding here.

The Firefox 52.0 Version is released for BOTH, the normal release channel
AND the ESR channel. This was done to have one 6 week periode of overlapp
between the old and the new ESR version, to "ease over" the transistion,
as the 52 version insists on GKT3 and gstreamer 1.x normally.

At this point in time there are TWO ESR releases:
the 45.8.0esr AND the 52.0esr

http://download-installer.cdn.mozilla.net/pub/firefox/releases/45.8.0esr/linux-x86_64/en-US/firefox-45.8.0esr.tar.bz2
(Last-Modified: Mon, 06 Mar 2017 16:34:18 GMT)

and:

http://download-installer.cdn.mozilla.net/pub/firefox/releases/52.0esr/linux-x86_64/en-US/firefox-52.0esr.tar.bz2
(Last-Modified: Mon, 06 Mar 2017 16:32:42 GMT)

So, if you go for 52, make sure the get the "channel" right
(esr, not release)

Pure personal opinion on 52 is still out, I'm not that hyped, some of my
'beloved' extensions / addons are no longer working on 52 vs 45.

 - Yamaban.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Alexander Dalloz 

Am 08.03.2017 um 22:57 schrieb Mark Weaver:

On 03/08/2017 11:00 AM, Paul Heinlein wrote:

On Wed, 8 Mar 2017, Mark Weaver wrote:



I wrote this article years ago:

https://www.madboa.com/geek/sendmail-auth/



Hi Paul,

I followed your guide to the letter, however I think it seems I missed
something. When I test with telnet to port 25 this is the result:


telnet merlin 25

Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31


That makes your mistake obvious: the .cf version is 8.13.8 - it does not 
match the Sendmail version 8.14.7. So you did not build the sendmail.cf 
from the modified sendmail.mc.


Make sure you have run "yum install sendmail-cf" so that "cd /etc/mail; 
make" can do what it should do.



-0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP

auth login

504 5.3.3 AUTH mechanism login not available

thoughts?


Alexander



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-announce] CEBA-2017:0472 CentOS 7 tzdata BugFix Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Bugfix Advisory 2017:0472 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0472.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
5466bcb17ce08e9000a2c49c4d794df5b14cb134bd8626c0dd1ee1d8ad5f2487  
tzdata-2017a-1.el7.noarch.rpm
96548dc39c746c9d7fd1b31f7c792c8f1b4244f25faac417bfc535905108eac3  
tzdata-java-2017a-1.el7.noarch.rpm

Source:
1c46024fee2400b239ff093d385e7757d0d63f976a49d9997101b8466b2851ff  
tzdata-2017a-1.el7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2017:0461 Critical CentOS 7 firefox Security Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2017:0461 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0461.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
1d0b658fdec4ca46114566017609d05174e57d3a4fe8f2dad5cc4bef31b79565  
firefox-52.0-4.el7.centos.i686.rpm
84e4a856f98b3fc61b4185bd1b7e77914ada452c9438379e84f7ea6ee5f63daf  
firefox-52.0-4.el7.centos.x86_64.rpm

Source:
e962f4e9d1ca12f273caa044beb279a741c0229cb909c88d2c0a8507b4a6b582  
firefox-52.0-4.el7.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2017:0460 CentOS 7 nss Enhancement Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Enhancement Advisory 2017:0460 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2017-0460.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
f903ae7228a486794fc475c6f1e5c95b441144e69697ba5915a125b5d0c47eac  
nss-3.28.2-1.6.el7_3.i686.rpm
997bf50bedd8b277f58b892c5fce32693ce41a1daa0f80cce14c4f348f697d95  
nss-3.28.2-1.6.el7_3.x86_64.rpm
9a3bf58c2fdef2f3b099be23603d209dbcbd5f00ef0a4c4777ce3a03f7e0ae2e  
nss-devel-3.28.2-1.6.el7_3.i686.rpm
c10d9e308bccc51e59b3d1d3ab70a1075db1d29eb4afc94df54e10b75d19b4fd  
nss-devel-3.28.2-1.6.el7_3.x86_64.rpm
cb0aedace30812ebd3ddd75dee3f6c1db288c0c46cc7137a939f5c9084bbe3ab  
nss-pkcs11-devel-3.28.2-1.6.el7_3.i686.rpm
e3f1102d8afc25abbd440358269ed353adef67b83a64c75182f116dc88efa5eb  
nss-pkcs11-devel-3.28.2-1.6.el7_3.x86_64.rpm
11856ae59608ce6385bdef2ad417612a5dd8e5602a645627ae9afcfbe5841253  
nss-sysinit-3.28.2-1.6.el7_3.x86_64.rpm
433e4525339e22c5edaf0dbecf47b7d0a95ad3563788074fbc160ee03e1197f8  
nss-tools-3.28.2-1.6.el7_3.x86_64.rpm

Source:
bdc27cc85a0f92d93385bb711f4bc69fbf617dd649d70384be53666e01324d36  
nss-3.28.2-1.6.el7_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2017:0460 CentOS 7 nss-util Enhancement Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Enhancement Advisory 2017:0460 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2017-0460.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
4fa594de013548c41deed341d101062104ba382b33a64434e0fd71019db3b106  
nss-util-3.28.2-1.1.el7_3.i686.rpm
4ddbdb0cc496c5d6bbe4bbe7edfb1c8a1ebb7d3ae7a3eb90dda8890280048427  
nss-util-3.28.2-1.1.el7_3.x86_64.rpm
4ce32703476e615bc9c362c22ee596c23d4c143a63960c8e0919b9faf689be8a  
nss-util-devel-3.28.2-1.1.el7_3.i686.rpm
baad28c5e87dd2126a1bef1e8308f37d30520397f9ba95c5f49adc50f6953628  
nss-util-devel-3.28.2-1.1.el7_3.x86_64.rpm

Source:
bcee8b9c13e01f912a50965455bf4a26f9ecfe98683dee488bc2cb028de8  
nss-util-3.28.2-1.1.el7_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2017:0460 CentOS 7 nspr Enhancement Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Enhancement Advisory 2017:0460 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2017-0460.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
09b3e71758a143e0aff8ec7669fe75ca87981b1c6a45cb1efe38cf53a54c04b9  
nspr-4.13.1-1.0.el7_3.i686.rpm
3a6c20e7132e12ba31fbb56ae97cf0397dc5b512b175454df3f0be34e1acbe72  
nspr-4.13.1-1.0.el7_3.x86_64.rpm
4681806392b6fa97ccee438f8452b0c5de023aea3c386bb570b6ad42a31c3329  
nspr-devel-4.13.1-1.0.el7_3.i686.rpm
29cef81f1891be05670c3a5f69363b30a8f4e16705edbb75739fa5c4653c706b  
nspr-devel-4.13.1-1.0.el7_3.x86_64.rpm

Source:
7449a93d80a5bb372f618feb8d965cd10806b78d07104eacd716ff6b8692efc7  
nspr-4.13.1-1.0.el7_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2017:0458 CentOS 7 kmod-redhat-mpt3sas Enhancement Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Enhancement Advisory 2017:0458 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2017-0458.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
5d5fd5d8ca7d36045da7cf51014ef923cf0e7ff482f99fa745d5b81babd54d86  
kmod-redhat-mpt3sas-14.101.00.00-1.el7_3.x86_64.rpm

Source:
13c5b33f5504eb2c4c708fe2e655ba77e6aff6fc7846cbc30f082a0f2f18  
kmod-redhat-mpt3sas-14.101.00.00-1.el7_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2017:0472 CentOS 6 tzdata BugFix Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Bugfix Advisory 2017:0472 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0472.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
466107e89457fc5fb5e4877d28c7526830645f5ac959a51d0b3fc885bc98b876  
tzdata-2017a-1.el6.noarch.rpm
4439dfe15e245981524c2fbc8c0928864b4e3da67a761fc0f1b613099c712ac5  
tzdata-java-2017a-1.el6.noarch.rpm

x86_64:
466107e89457fc5fb5e4877d28c7526830645f5ac959a51d0b3fc885bc98b876  
tzdata-2017a-1.el6.noarch.rpm
4439dfe15e245981524c2fbc8c0928864b4e3da67a761fc0f1b613099c712ac5  
tzdata-java-2017a-1.el6.noarch.rpm

Source:
7d1c14c90c5fdf3cf78f906bf353f7b42bdde64352110fbd98514af1c2ba3c0e  
tzdata-2017a-1.el6.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2017:0472 CentOS 5 tzdata BugFix Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Bugfix Advisory 2017:0472 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0472.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
2629f95ec5b436abfe84d0bd0fd0131bc631ae4fdab18b53466fdbbd1a15a11b  
tzdata-2017a-1.el5.i386.rpm
712ae99e3d37dad1fe54858e8863c71e8be6786f6633cb60a060225e66ba24de  
tzdata-java-2017a-1.el5.i386.rpm

x86_64:
58d0bdf94b0cfb4abea13780d909a74e9d68ed945689f63f1561bdea0c6ed5ee  
tzdata-2017a-1.el5.x86_64.rpm
a767c8d7f0f782394bf6e0dfe5abd4c0999c9176bc139a32a696d1cf4c388478  
tzdata-java-2017a-1.el5.x86_64.rpm

Source:
02e88e760fe9a2338c9c506c9d4204868da96a3e37f5ac5a8a7436b3c4129a51  
tzdata-2017a-1.el5.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 11:00 AM, Paul Heinlein wrote:

On Wed, 8 Mar 2017, Mark Weaver wrote:

> Hello all,
>
> I've been googling my brains out since yesterday looking for up-to-date
> information on this matter, and have found information that is 
anywhere from
> 15 to 5 years old. I'd really like some information that much more 
up to date
> on the subject. Specifically configuring Sendmail SMTP 
authentication (_no

> smart host stuff_).

I wrote this article years ago:

https://www.madboa.com/geek/sendmail-auth/

The configuration outlined there is essentially unchanged today. I
have it running on a CentOS 7 machine with sendmail 8.14.

The only real change is the SOCKETDIR setting in
/etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
/var/run/saslauthd). And, of course, I use systemctl rather 
thachkconfig to control boot-time behavior.


The trickier bit for me was stopping and restarting the whole SMTP
toolchain, which includes spamassassin, clavav, and opendmarc. Below
my .sig, I've included the shell script I use for that.

--
Paul Heinlein <> heinl...@madboa.com  <> 
http://www.madboa.com/

Hi Paul,

I followed your guide to the letter, however I think it seems I missed 
something. When I test with telnet to port 25 this is the result:


> telnet merlin 25
Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
> auth login
504 5.3.3 AUTH mechanism login not available

thoughts?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Problemas de correos

2017-03-08 Thread Victor Padro 
De preferencia usa certificados para cifrar los mensajes, ya que la otra
parte si los esta usando.

Saludos,

2017-03-08 15:27 GMT-06:00 Roberto Bermúdez :

> Buenas tardes estimados listeros
>
> necesito acudir a ustedes a ver si alguien me puede ayudar con una duda que
> se me ocasiona con respecto a mi servidor de correos, primero debo indicar
> que mi servidor lo tengo en un centos 5.5, con snedmail, y con MailScanner
> y Spamassassin también
>
> pero desde la semana pasada tengo alguno usuarios que me indican que no
> pueden recibir correo desde ciertos dominios (no todos los dominios), y
> hasta la fecha solo uno me ha podido conseguir el mensaje de error que
> reciben quienes mandan el correo y detallo a continuación, tampoco se
> observa nada extraño en los logs de mi servidore de correo.
>
> cabe aclarar que no uso certificados TLS, que según lo que he googleado
> dice que es el problema, entonces como puedo superar el inconveniente?
>
>
> De: Mail Delivery Subsystem 
> Fecha: 7/3/17 13:38 (GMT-05:00)
> A: usua...@xx.com
> Asunto: Returned mail: see transcript for details
>
> The original message was received at Thu, 2 Mar 2017 13:35:42 -0500
> from [X.X.X.X]
>
>- The following addresses had permanent fatal errors -
> 
> (reason: 403 4.7.0 TLS handshake failed.)
>
>
> de antemano agradezco inmensamente cualquier ayuda que me puedan aportar
>
> Roberto B.
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>



-- 
"Everything that irritates us about others can lead us to an understanding
of ourselves"
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-es] Problemas de correos

2017-03-08 Thread Roberto Bermúdez 
Buenas tardes estimados listeros

necesito acudir a ustedes a ver si alguien me puede ayudar con una duda que
se me ocasiona con respecto a mi servidor de correos, primero debo indicar
que mi servidor lo tengo en un centos 5.5, con snedmail, y con MailScanner
y Spamassassin también

pero desde la semana pasada tengo alguno usuarios que me indican que no
pueden recibir correo desde ciertos dominios (no todos los dominios), y
hasta la fecha solo uno me ha podido conseguir el mensaje de error que
reciben quienes mandan el correo y detallo a continuación, tampoco se
observa nada extraño en los logs de mi servidore de correo.

cabe aclarar que no uso certificados TLS, que según lo que he googleado
dice que es el problema, entonces como puedo superar el inconveniente?


De: Mail Delivery Subsystem 
Fecha: 7/3/17 13:38 (GMT-05:00)
A: usua...@xx.com
Asunto: Returned mail: see transcript for details

The original message was received at Thu, 2 Mar 2017 13:35:42 -0500
from [X.X.X.X]

   - The following addresses had permanent fatal errors -

(reason: 403 4.7.0 TLS handshake failed.)


de antemano agradezco inmensamente cualquier ayuda que me puedan aportar

Roberto B.
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-announce] CESA-2017:0459 Critical CentOS 6 firefox Security Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2017:0459 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0459.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
4bec161eb52a589439c71ed05b1cec02090238945f06c5842c46131c1afdb1aa  
firefox-45.8.0-2.el6.centos.i686.rpm

x86_64:
4bec161eb52a589439c71ed05b1cec02090238945f06c5842c46131c1afdb1aa  
firefox-45.8.0-2.el6.centos.i686.rpm
5419e8f6cd70aaf324f787f935578562ecb86ffc853fd770a850f87050b7e928  
firefox-45.8.0-2.el6.centos.x86_64.rpm

Source:
d9df8316ea7d9e8656a6a2b5b08270d79726ab2be1959a4fd8cf787bb4a3f4a8  
firefox-45.8.0-2.el6.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2017:0459 Critical CentOS 5 firefox Security Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2017:0459 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0459.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a34545c9cf03031487401a126491ebd9b070d5ae4939388b5257c0247934edbb  
firefox-45.8.0-2.el5.centos.i386.rpm

x86_64:
a34545c9cf03031487401a126491ebd9b070d5ae4939388b5257c0247934edbb  
firefox-45.8.0-2.el5.centos.i386.rpm
68ced987cc2f967a4d8034f1bce8cd63a8ef8a3213cd20d65b66a18a1ca00977  
firefox-45.8.0-2.el5.centos.x86_64.rpm

Source:
05f28d258f433afa408773c4cac5d3a96058a6e9e25b4991c2e90764335f89e1  
firefox-45.8.0-2.el5.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2017:0454 Important CentOS 5 kvm Security Update

2017-03-08 Thread Johnny Hughes 

CentOS Errata and Security Advisory 2017:0454 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0454.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


x86_64:
0e34501fb214585a504064e6aa4e92d8c6324981104fd7a29edc6f918e5cb238  
kmod-kvm-83-277.el5.centos.x86_64.rpm
9ed56a631d250bbda7b31e4a1df28387709f816b5974aa87ab522774273e480c  
kmod-kvm-debug-83-277.el5.centos.x86_64.rpm
38ddb0118eabc062c89dd5353b3da9f4574d4d03c3bb5dba677200cb5522fcb7  
kvm-83-277.el5.centos.x86_64.rpm
c96ade4c2185dd18a78fcf51c74fe7a7a916de7e45e339975ba14ec5d394928b  
kvm-qemu-img-83-277.el5.centos.x86_64.rpm
02aed4ba713b572ba9745a568289cb5c48b30b3f94f512a69b77c51bfc532a00  
kvm-tools-83-277.el5.centos.x86_64.rpm

Source:
125954ae9f9608b901902f81b2d144fbef70efff0e11a761787324457034832d  
kvm-83-277.el5.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 11:00 AM, Paul Heinlein wrote:

On Wed, 8 Mar 2017, Mark Weaver wrote:

> Hello all,
>
> I've been googling my brains out since yesterday looking for up-to-date
> information on this matter, and have found information that is 
anywhere from
> 15 to 5 years old. I'd really like some information that much more 
up to date
> on the subject. Specifically configuring Sendmail SMTP 
authentication (_no

> smart host stuff_).

I wrote this article years ago:

https://www.madboa.com/geek/sendmail-auth/

The configuration outlined there is essentially unchanged today. I
have it running on a CentOS 7 machine with sendmail 8.14.

The only real change is the SOCKETDIR setting in
/etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
/var/run/saslauthd). And, of course, I use systemctl rather than
chkconfig to control boot-time behavior.

The trickier bit for me was stopping and restarting the whole SMTP
toolchain, which includes spamassassin, clavav, and opendmarc. Below
my .sig, I've included the shell script I use for that.

--
Paul Heinlein <> heinl...@madboa.com  <> 
http://www.madboa.com/



Hi Paul,

I much appreciate the info and will be having a look at it. I'll post 
back as to how its gone. Migrating is both enjoyable, exciting and a 
real BIG pain in the ass; all at the same time.

#!/bin/sh
#
# start/stop SMTP tool chain on mail.madboa.com
#
==

LANG=C
PATH="/usr/bin:/usr/sbin"

function mail_start {
sync && sync
for S in \
"clamd@clayton " "clamav-milter" \
"opendmarc" \
"spamassassin" "spamass-milter" \
"sendmail"
do
echo -n "Starting $S :: "
systemctl start ${S}.service
if test $? -eq 0; then echo "ok"; else echo "failed"; fi
done
}

function mail_status {
for S in \
"clamd@clayton " "clamav-milter" \
"opendmarc" \
"spamassassin" "spamass-milter" \
"sendmail"
do
echo -n "$S :: "
systemctl is-active ${S}.service
done
}

function mail_stop {
for S in \
"sendmail" \
"clamav-milter" "clamd@clayton " \
"opendmarc" \
"spamass-milter" "spamassassin"
do
echo -n "Stopping $S :: "
systemctl stop ${S}.service
if test $? -eq 0; then echo "ok"; else echo "failed"; fi
done
}

case "$1" in
start)
mail_start
;;
stop)
mail_stop
;;
restart)
mail_stop
mail_start
;;
status)
mail_status
;;
*)
echo "usage: $(basename $0) {start|stop|restart|status}"
;;
esac

# vim: set filetype=sh:

___
CentOS mailing list
CentOS@centos.org 
https://lists.centos.org/mailman/listinfo/centos

Total Control Panel 	Login 



To: mwea...@compinfosystems.com 
 


From: centos-boun...@centos.org


Remove 
 
this sender from my allow list


You received this message because the sender is on your allow list.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 12:34 PM, David Both wrote:

Try this article, "Outbound authentication for Sendmail."

http://www.databook.bz/?page_id=3097

I wrote this after setting it up on my own CentOS server.

Will definitely be having a look at this. The information is much 
appreciated.


On 03/08/2017 10:41 AM, Mark Weaver wrote:
> Hello all,
>
> I've been googling my brains out since yesterday looking for
> up-to-date information on this matter, and have found information that
> is anywhere from 15 to 5 years old. I'd really like some information
> that much more up to date on the subject. Specifically configuring
> Sendmail SMTP authentication (_no smart host stuff_).
>
> I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed:
>
> - Cyrus-sasl
> - Dovecot
> - Openssl
>
> Essentially everything I need except the working knowledge for the
> process. If someone knows where I might locate this information it
> would be greatly appreciated.
>
> thanks
>
> Mark
>
> ___
> CentOS mailing list
> CentOS@centos.org 
> https://lists.centos.org/mailman/listinfo/centos

--

*
David P. Both
*
"I'd put my money on the sun and solar energy. What a
source of power! I hope we don't have to wait until oil
and coal run out before we tackle that."
- Thomas Edison, in conversation with Henry Ford and
Harvey Firestone, 1931
*


--


*
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678

db...@millennium-technology.com 

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not
consent to the
retrieving or storing of this communication and any related metadata, as
well as
printing, copying, re-transmitting, disseminating, or otherwise using
it. If you
believe you have received this communication in error, please delete it
immediately.

___
CentOS mailing list
CentOS@centos.org 
https://lists.centos.org/mailman/listinfo/centos

Total Control Panel 	Login 



To: mwea...@compinfosystems.com 
 


From: centos-boun...@centos.org


Remove 
 
this sender from my allow list


You received this message because the sender is on your allow list.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

On 03/08/2017 11:40 AM, Robert Moskowitz wrote:



On 03/08/2017 10:41 AM, Mark Weaver wrote:
> Hello all,
>
> I've been googling my brains out since yesterday looking for
> up-to-date information on this matter, and have found information that
> is anywhere from 15 to 5 years old. I'd really like some information
> that much more up to date on the subject. Specifically configuring
> Sendmail SMTP authentication (_no smart host stuff_).
>
> I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed:
>
> - Cyrus-sasl
> - Dovecot
> - Openssl
>
> Essentially everything I need except the working knowledge for the
> process. If someone knows where I might locate this information it
> would be greatly appreciated.

Do you need Cyrus-sasl anymore? Dovecot now comes with its own sasl.

I am working up a
C7-Postfix/MYsql/Postfixadmin/Dovecot/Roundcube/Amavis-clamav howto.

So, sorry, I switched from Sendmail to Postfix some 6+ years ago.

I am actually doing this on Centos7-amrv7hl, but it will work on all C7
arches. It will take me a couple more weeks to finish, but will share
with anyone that wants it now or more wants to help.
I thought about Postfix for a few minutes and decided because of the 
amount of other stuff I've got on my plate since I'm already familiar 
with Sendmail I decided to stay with it. But thank you.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Cambiar ruta MySQL

2017-03-08 Thread Death User 
On Wed, Mar 8, 2017 at 12:14 PM, José Xitumul  wrote:

> test


Dale permisos totales a todo el mundo y mira si así sube, y ahí ves con qué
usuario y grupo te crea el archivo en cuestión y restringes a los permisos
adecuados, o quizás selinux ...

bye
;)
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-es] Cambiar ruta MySQL

2017-03-08 Thread José Xitumul 
Buen dia compañeros con un favor, estoy configurando mysql en otra
partición pero me da el siguiente error
la partición se llama /data


170308 11:11:43 mysqld_safe Logging to '/var/log/mysqld.log'.
170308 11:11:43 mysqld_safe Starting mysqld daemon with databases from
/data/mysql/
2017-03-08 11:11:43 0 [Warning] TIMESTAMP with implicit DEFAULT value is
deprecated. Please use --explicit_defaults_for_timestamp server option (see
documentation for more details).
2017-03-08 11:11:43 0 [Warning] Can't create test file
/data/mysql/MySQL.lower-test
2017-03-08 11:11:43 0 [Note] /usr/sbin/mysqld (mysqld 5.6.35) starting as
process 12768 ...
2017-03-08 11:11:43 12768 [Warning] Can't create test file
/data/mysql/MySQL.lower-test
2017-03-08 11:11:43 12768 [Warning] Can't create test file
/data/mysql/MySQL.lower-test
2017-03-08 11:11:43 12768 [Warning] Buffered warning: Changed limits:
max_open_files: 1024 (requested 5000)

2017-03-08 11:11:43 12768 [Warning] Buffered warning: Changed limits:
table_open_cache: 431 (requested 2000)

2017-03-08 11:11:43 12768 [Note] Plugin 'FEDERATED' is disabled.
/usr/sbin/mysqld: Can't find file: './mysql/plugin.frm' (errno: 13 -
Permission denied)
2017-03-08 11:11:43 12768 [ERROR] Can't open the mysql.plugin table. Please
run mysql_upgrade to create it.


ya le di permisos con el usuario mysql
drwxr-xr-x. 5 mysql root 144 mar  8 09:38 mysql

Pero no me funciona, si alguien pudiera ayudarme se lo agradezco, gracias
de antemano
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread David Both 

Try this article, "Outbound authentication for Sendmail."

http://www.databook.bz/?page_id=3097

I wrote this after setting it up on my own CentOS server.


On 03/08/2017 10:41 AM, Mark Weaver wrote:

Hello all,

I've been googling my brains out since yesterday looking for
up-to-date information on this matter, and have found information that
is anywhere from 15 to 5 years old. I'd really like some information
that much more up to date on the subject. Specifically configuring
Sendmail SMTP authentication (_no smart host stuff_).

I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed:

- Cyrus-sasl
- Dovecot
- Openssl

Essentially everything I need except the working knowledge for the
process. If someone knows where I might locate this information it
would be greatly appreciated.

thanks

Mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


--

*
David P. Both
*
"I'd put my money on the sun and solar energy. What a
source of power! I hope we don't have to wait until oil
and coal run out before we tackle that."
 - Thomas Edison, in conversation with Henry Ford and
   Harvey Firestone, 1931
*


--


*
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678

db...@millennium-technology.com

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not 
consent to the
retrieving or storing of this communication and any related metadata, as 
well as
printing, copying, re-transmitting, disseminating, or otherwise using 
it. If you

believe you have received this communication in error, please delete it
immediately.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Robert Moskowitz 



On 03/08/2017 10:41 AM, Mark Weaver wrote:

Hello all,

I've been googling my brains out since yesterday looking for 
up-to-date information on this matter, and have found information that 
is anywhere from 15 to 5 years old. I'd really like some information 
that much more up to date on the subject. Specifically configuring 
Sendmail SMTP authentication (_no smart host stuff_).


I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed:

- Cyrus-sasl
- Dovecot
- Openssl

Essentially everything I need except the working knowledge for the 
process. If someone knows where I might locate this information it 
would be greatly appreciated.


Do you need Cyrus-sasl anymore?  Dovecot now comes with its own sasl.

I am working up a 
C7-Postfix/MYsql/Postfixadmin/Dovecot/Roundcube/Amavis-clamav howto.


So, sorry, I switched from Sendmail to Postfix some 6+ years ago.

I am actually doing this on Centos7-amrv7hl, but it will work on all C7 
arches.  It will take me a couple more weeks to finish, but will share 
with anyone that wants it now or more wants to help.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Paul Heinlein 

On Wed, 8 Mar 2017, Mark Weaver wrote:


Hello all,

I've been googling my brains out since yesterday looking for up-to-date 
information on this matter, and have found information that is anywhere from 
15 to 5 years old. I'd really like some information that much more up to date 
on the subject. Specifically configuring Sendmail SMTP authentication (_no 
smart host stuff_).


I wrote this article years ago:

  https://www.madboa.com/geek/sendmail-auth/

The configuration outlined there is essentially unchanged today. I 
have it running on a CentOS 7 machine with sendmail 8.14.


The only real change is the SOCKETDIR setting in 
/etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than 
/var/run/saslauthd). And, of course, I use systemctl rather than 
chkconfig to control boot-time behavior.


The trickier bit for me was stopping and restarting the whole SMTP 
toolchain, which includes spamassassin, clavav, and opendmarc. Below 
my .sig, I've included the shell script I use for that.


--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


#!/bin/sh
#
# start/stop SMTP tool chain on mail.madboa.com
#
==

LANG=C
PATH="/usr/bin:/usr/sbin"

function mail_start {
  sync && sync
  for S in \
"clamd@clayton" "clamav-milter" \
"opendmarc" \
"spamassassin" "spamass-milter" \
"sendmail"
  do
echo -n "Starting $S :: "
systemctl start ${S}.service
if test $? -eq 0; then echo "ok"; else echo "failed"; fi
  done
}

function mail_status {
  for S in \
"clamd@clayton" "clamav-milter" \
"opendmarc" \
"spamassassin" "spamass-milter" \
"sendmail"
  do
echo -n "$S :: "
systemctl is-active ${S}.service
  done
}

function mail_stop {
  for S in \
"sendmail" \
"clamav-milter" "clamd@clayton" \
"opendmarc" \
"spamass-milter" "spamassassin"
  do
echo -n "Stopping $S :: "
systemctl stop ${S}.service
if test $? -eq 0; then echo "ok"; else echo "failed"; fi
  done
}

case "$1" in
  start)
mail_start
;;
  stop)
mail_stop
;;
  restart)
mail_stop
mail_start
;;
  status)
mail_status
;;
  *)
echo "usage: $(basename $0) {start|stop|restart|status}"
;;
esac

# vim: set filetype=sh:

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox for CentOS

2017-03-08 Thread Johnny Hughes 
On 03/08/2017 09:39 AM, Phelps, Matthew wrote:
> On Wed, Mar 8, 2017 at 10:25 AM, Johnny Hughes  wrote:
> 
>> On 03/08/2017 09:10 AM, m.r...@5-cent.us wrote:
>>> Hi, Johnny,
>>>
>>> Johnny Hughes wrote:
 I am currently building the latest Firefox updates and I have noticed
 that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
 the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
 at the ESR level (45.8.0-2).

 EL7:
 https://rhn.redhat.com/errata/RHSA-2017-0461.html

 EL5 and EL6:
 https://rhn.redhat.com/errata/RHSA-2017-0459.html

 As stated above, I am currently building and testing these, so they are
 not yet released .. just preparing people for the changes.

>>
> 
> Does anyone know if ESR 52.x will eventually be released for CentOS 6?
> 
> 

I am sure it will, certainly when version 45 goes EOL.

The variables and content to build it on EL6 are in the current EL7
SRPM, but the EL5 stuff is (understandably, since it is going EOL soon)
missing.

What I am not sure of is if EL7 will stay on the Current Release for the
next update or if it will shift back to ESR.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Up to date guide/information Sendmail SMTP Auth

2017-03-08 Thread Mark Weaver 

Hello all,

I've been googling my brains out since yesterday looking for up-to-date 
information on this matter, and have found information that is anywhere 
from 15 to 5 years old. I'd really like some information that much more 
up to date on the subject. Specifically configuring Sendmail SMTP 
authentication (_no smart host stuff_).


I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed:

- Cyrus-sasl
- Dovecot
- Openssl

Essentially everything I need except the working knowledge for the 
process. If someone knows where I might locate this information it would 
be greatly appreciated.


thanks

Mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox for CentOS

2017-03-08 Thread Phelps, Matthew 
On Wed, Mar 8, 2017 at 10:25 AM, Johnny Hughes  wrote:

> On 03/08/2017 09:10 AM, m.r...@5-cent.us wrote:
> > Hi, Johnny,
> >
> > Johnny Hughes wrote:
> >> I am currently building the latest Firefox updates and I have noticed
> >> that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
> >> the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
> >> at the ESR level (45.8.0-2).
> >>
> >> EL7:
> >> https://rhn.redhat.com/errata/RHSA-2017-0461.html
> >>
> >> EL5 and EL6:
> >> https://rhn.redhat.com/errata/RHSA-2017-0459.html
> >>
> >> As stated above, I am currently building and testing these, so they are
> >> not yet released .. just preparing people for the changes.
> >>
>

Does anyone know if ESR 52.x will eventually be released for CentOS 6?


-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox for CentOS

2017-03-08 Thread Johnny Hughes 
On 03/08/2017 09:10 AM, m.r...@5-cent.us wrote:
> Hi, Johnny,
> 
> Johnny Hughes wrote:
>> I am currently building the latest Firefox updates and I have noticed
>> that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
>> the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
>> at the ESR level (45.8.0-2).
>>
>> EL7:
>> https://rhn.redhat.com/errata/RHSA-2017-0461.html
>>
>> EL5 and EL6:
>> https://rhn.redhat.com/errata/RHSA-2017-0459.html
>>
>> As stated above, I am currently building and testing these, so they are
>> not yet released .. just preparing people for the changes.
>>
> In your testing, you might test the situation I posted yesterday: CentOS
> 7.3, current firefox, most recent flash-plugin (1 Mar). In one tab, using
> noscript, I enabled youtube and googlevideo. It affected a *separate*
> firefox window, opened from the firefox file menu. The video played, and
> went to play something else. I closed the tab, which is the *only* place
> that youtube was enabled. Instead, it kept playing. I actually shut down
> firefox altogether... and it kept playing. It didn't stop until I brought
> up firefox again, opened the original tab, and disabled youtube there.
> *Then*, and only then, did it stop playing.

My only testing makes sure it works like the one in RHEL .. We don't
make technical changes to our RPMs.




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread James Hogarth 
On 8 March 2017 at 15:00, Giles Coochey  wrote:
>
>
> On 08/03/17 14:54, Jonathan Billings wrote:
>>
>>
>> If you'd like a really simple solution that avoids NetworkManager, I
>> suggest using systemd-networkd (both systemd-networkd and
>> systemd-resolved packages required).  I've used it to set up a bridge
>> on my workstattion for use with libvirtd/kvm, and it is just as simple
>> a text file but future compatible.  Heck, it probably even works on
>> other distros that use systemd.
>>
>> Here's a super-simple static configuration:
>>
>> # cat /etc/systemd/network/10-static-eno1.network
>> [Match]
>> name=eno1
>>
>> [Network]
>> Address=192.168.1.2
>> Gateway=192.168.1.1
>> DNS=192.168.1.1
>>
>> You need to make sure that /etc/resolv.conf is a symlink
>> /run/systemd/resolve/resolv.conf if you want the systemd-resolved
>> service to manage it.  Just disable NetworkManager and network
>> services and enable the systemd-networkd and systemd-resolved
>> services.
>>
>> Honestly, I've found systemd-networkd very useful for the more complex
>> networking on my workstation (bridged VMs to external network) but its
>> also useful for my tiny VMs that don't need extra daemons running.
>>
> That's interesting, I'll snapshot and perhaps take that tangent on the next
> build and see how it goes.
>

Incidentally as far back as NM 1.0 (part of the 7.1 milestone but not
part of the original 7.0 GA) it has supported a
'configure-and-quit=yes' option to just get the configuration right,
emit the events etc needed to tell services/system network is
configured and then get out of the way and not leave any running
daemon:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.0

I'll give that a test as part of my upcoming article looking at how NM
has changed since the original 7.0 release.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox for CentOS

2017-03-08 Thread Johnny Hughes 
On 03/08/2017 09:07 AM, Leon Fauster wrote:
>> Am 08.03.2017 um 15:40 schrieb Johnny Hughes :
>>
>> I am currently building the latest Firefox updates and I have noticed
>> that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
>> the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
>> at the ESR level (45.8.0-2).
>>
>> EL7:
>> https://rhn.redhat.com/errata/RHSA-2017-0461.html
>>
>> EL5 and EL6:
>> https://rhn.redhat.com/errata/RHSA-2017-0459.html
>>
>> As stated above, I am currently building and testing these, so they are
>> not yet released .. just preparing people for the changes.
> 
> 
> Seems that 52 will be the next ESR version (June 2017).
> 
> https://www.mozilla.org/en-US/firefox/organizations/faq/

It is currently also the main version for Linux .. at least that is what
the main firefox site wanted me to upgrade to.




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox for CentOS

2017-03-08 Thread m . roth 
Hi, Johnny,

Johnny Hughes wrote:
> I am currently building the latest Firefox updates and I have noticed
> that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
> the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
> at the ESR level (45.8.0-2).
>
> EL7:
> https://rhn.redhat.com/errata/RHSA-2017-0461.html
>
> EL5 and EL6:
> https://rhn.redhat.com/errata/RHSA-2017-0459.html
>
> As stated above, I am currently building and testing these, so they are
> not yet released .. just preparing people for the changes.
>
In your testing, you might test the situation I posted yesterday: CentOS
7.3, current firefox, most recent flash-plugin (1 Mar). In one tab, using
noscript, I enabled youtube and googlevideo. It affected a *separate*
firefox window, opened from the firefox file menu. The video played, and
went to play something else. I closed the tab, which is the *only* place
that youtube was enabled. Instead, it kept playing. I actually shut down
firefox altogether... and it kept playing. It didn't stop until I brought
up firefox again, opened the original tab, and disabled youtube there.
*Then*, and only then, did it stop playing.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox for CentOS

2017-03-08 Thread Leon Fauster 
> Am 08.03.2017 um 15:40 schrieb Johnny Hughes :
> 
> I am currently building the latest Firefox updates and I have noticed
> that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
> the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
> at the ESR level (45.8.0-2).
> 
> EL7:
> https://rhn.redhat.com/errata/RHSA-2017-0461.html
> 
> EL5 and EL6:
> https://rhn.redhat.com/errata/RHSA-2017-0459.html
> 
> As stated above, I am currently building and testing these, so they are
> not yet released .. just preparing people for the changes.


Seems that 52 will be the next ESR version (June 2017).

https://www.mozilla.org/en-US/firefox/organizations/faq/

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 14:54, Jonathan Billings wrote:


If you'd like a really simple solution that avoids NetworkManager, I
suggest using systemd-networkd (both systemd-networkd and
systemd-resolved packages required).  I've used it to set up a bridge
on my workstattion for use with libvirtd/kvm, and it is just as simple
a text file but future compatible.  Heck, it probably even works on
other distros that use systemd.

Here's a super-simple static configuration:

# cat /etc/systemd/network/10-static-eno1.network
[Match]
name=eno1

[Network]
Address=192.168.1.2
Gateway=192.168.1.1
DNS=192.168.1.1

You need to make sure that /etc/resolv.conf is a symlink
/run/systemd/resolve/resolv.conf if you want the systemd-resolved
service to manage it.  Just disable NetworkManager and network
services and enable the systemd-networkd and systemd-resolved
services.

Honestly, I've found systemd-networkd very useful for the more complex
networking on my workstation (bridged VMs to external network) but its
also useful for my tiny VMs that don't need extra daemons running.

That's interesting, I'll snapshot and perhaps take that tangent on the 
next build and see how it goes.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Jonathan Billings 
On Wed, Mar 08, 2017 at 10:43:57AM +, Giles Coochey wrote:
> https://en.wikipedia.org/wiki/KISS_principle
> 
> I'm not flaming NetworkManager, I'm just stating that for many (perhaps
> most), it is over-engineered for a server orientated distribution. I can run
> with the script above on 30 server instances, and it doesn't, as yet, break
> any of the other features of Centos that I enjoy.

If you'd like a really simple solution that avoids NetworkManager, I
suggest using systemd-networkd (both systemd-networkd and
systemd-resolved packages required).  I've used it to set up a bridge
on my workstattion for use with libvirtd/kvm, and it is just as simple
a text file but future compatible.  Heck, it probably even works on
other distros that use systemd.

Here's a super-simple static configuration:

# cat /etc/systemd/network/10-static-eno1.network
[Match]
name=eno1

[Network]
Address=192.168.1.2
Gateway=192.168.1.1
DNS=192.168.1.1

You need to make sure that /etc/resolv.conf is a symlink
/run/systemd/resolve/resolv.conf if you want the systemd-resolved
service to manage it.  Just disable NetworkManager and network
services and enable the systemd-networkd and systemd-resolved
services.

Honestly, I've found systemd-networkd very useful for the more complex
networking on my workstation (bridged VMs to external network) but its
also useful for my tiny VMs that don't need extra daemons running.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Firefox for CentOS

2017-03-08 Thread Johnny Hughes 
I am currently building the latest Firefox updates and I have noticed
that they have upgraded the CentOS-7 Firefox from the ESR tree (45.8) to
the mainline tree (Currently firefox-52.0).  They have left EL5 and EL6
at the ESR level (45.8.0-2).

EL7:
https://rhn.redhat.com/errata/RHSA-2017-0461.html

EL5 and EL6:
https://rhn.redhat.com/errata/RHSA-2017-0459.html

As stated above, I am currently building and testing these, so they are
not yet released .. just preparing people for the changes.

Thanks,
Johnny Hughes




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 13:16, Steve Clark wrote:


Let us have a vote - how many of us do teaming/bonding/vlans on our servers?
Our networking gear does that in our installation.

The majority of my servers are virtual, if I need multiple subnets 
(VLANs) then I have multiple cards.
Their throughput does not require bonding, resiliency is performed at a 
different level - by having multiple load balanced VMs.


I have to admit, on one hypervisor I use  VLANs, but actually use 
NetworkManager in that case - and it worked since installation, if I 
have a problem with it in the future though, I will resort to scripting 
it as well :-) - It would be the simplest way for me to resolve the 
issue - I can't afford to wait for patches to a monolithic, as you say, 
black-box system, which is in effect just trying to apply sanity 
checking a bunch of scripts in the first place.


I don't add VLANs and Bonds on my servers for _fun_, they are there to 
run the applications and infrastructure - faffing around with that once 
a server is in production is just asking for trouble.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread James Hogarth 
On 8 March 2017 at 13:16, Steve Clark  wrote:
> On 03/08/2017 07:39 AM, John Hodrien wrote:
>> On Wed, 8 Mar 2017, Steve Clark wrote:
>>
>>> Yes it is really hard!
>>>
>>> ip address add 192.168.0.1/24 dev enp0s25
>>> ip route add default via 192.168.0.254 dev enp0s25
>>> echo nameserver 8.8.8.8 > /etc/resolv.conf
>>> echo nameserver 8.8.4.4 >> /etc/resolv.conf
>> This is still a deliberately trivial case, as already said, with no
>> teaming/bonding/vlan type fun in the mix.
> Let us have a vote - how many of us do teaming/bonding/vlans on our servers?
> Our networking gear does that in our installation.
>
>

That makes little sense ...

Without cooperation of both endpoints (switch and host) LACP is not
possible (and this is generally the preferred teaming/bonding method).

Without cooperation of both endpoints (switch and host) trunking
multiple vlans (ie the time you would actually tag) is not possible.

That ridiculous "script" doesn't even handle the basic situation that
the NIC interface didn't come up for any reason ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Andreas Benzler 
Hello David,

It was not to flame something about NetworkManager. There some
application that "needs" to wheel the old way.

I would never have thought it would be such an enlightenment for such a
small, old thing.

1. There is a file that isn't always needed (/etc/sysconfig/network)
2. I wanne have the same result in the old style. (NOZEROCONF=yes)

And just by the way. My Desktop computer here runs with the
NetworkManager.

1. Outside lan

2. A dummy bridge adapter fired by the NetworkManager
   (With a island name server + dhcp for kvm)

3. An internal lan that can also run an Centos Diskless computer.


That was not my intention; really not.

For a network starter it is an absolute must to know, how it works in
practically. Not me.

Sorry 

  to 
 everyone


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Steve Clark 
On 03/08/2017 07:39 AM, John Hodrien wrote:
> On Wed, 8 Mar 2017, Steve Clark wrote:
>
>> Yes it is really hard!
>>
>> ip address add 192.168.0.1/24 dev enp0s25
>> ip route add default via 192.168.0.254 dev enp0s25
>> echo nameserver 8.8.8.8 > /etc/resolv.conf
>> echo nameserver 8.8.4.4 >> /etc/resolv.conf
> This is still a deliberately trivial case, as already said, with no
> teaming/bonding/vlan type fun in the mix.
Let us have a vote - how many of us do teaming/bonding/vlans on our servers?
Our networking gear does that in our installation.

> You're free to disentangle yourself from the bits of CentOS you don't like,
> and there's nothing at all stopping you, but after a while what you're
> supporting isn't CentOS.  I realise this is only one little part of the whole,
> but still.
>
> jh
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread John Hodrien 

On Wed, 8 Mar 2017, Steve Clark wrote:


Yes it is really hard!

ip address add 192.168.0.1/24 dev enp0s25
ip route add default via 192.168.0.254 dev enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf


This is still a deliberately trivial case, as already said, with no
teaming/bonding/vlan type fun in the mix.

You're free to disentangle yourself from the bits of CentOS you don't like,
and there's nothing at all stopping you, but after a while what you're
supporting isn't CentOS.  I realise this is only one little part of the whole,
but still.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread David Both 



On 03/08/2017 05:43 AM, Giles Coochey wrote:



On 08/03/17 10:38, John Hodrien wrote:

On Wed, 8 Mar 2017, Giles Coochey wrote:


ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254 enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf


Oh okay, you really do want to back away from Redhat entirely. That's
entirely your choice.

What you end up with if you take this approach widely is effectively
your own
linux distribution.

Not really, Redhat/Centos has a lot to offer, but for me, networking 
is a one-time configuration, and the best way to configure it is using 
something that falls within this principle:


https://en.wikipedia.org/wiki/KISS_principle

I'm not flaming NetworkManager, I'm just stating that for many 
(perhaps most), it is over-engineered for a server orientated 
distribution. I can run with the script above on 30 server instances, 
and it doesn't, as yet, break any of the other features of Centos that 
I enjoy.


I do not agree with your conclusions about NetworkManager.  First, I use 
it on several servers and firewalls that - theoretically at least - 
should never change. Some of the most tiresome problems I have had to 
fix were what happened due to renaming of NICs after replacing a bad 
one, or a 100Mb with a Gb NIC, or adding a new NIC to connect with a new 
network. NetworkManager keeps NIC naming consistent with no surprises. I 
am getting ready to install two new NICs in a firewall/router that 
already has two NICs and I am not dreading that change as I would have 
with the old network service.


I have had excellent results with NetworkManager and am very happy with 
it. I see it as a significant improvement over the old network service. 
If you are concerned about performance issues - don't worry - you won't 
have any. It works fine on my RaspberryPI forewall/router using CentOS 7 
for ARM and on my ancient EeePC that runs a full installation of Fedora 25.


Don't try to fix something that isn't broken.

--


*
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678

db...@millennium-technology.com

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not consent to the
retrieving or storing of this communication and any related metadata, as well as
printing, copying, re-transmitting, disseminating, or otherwise using it. If you
believe you have received this communication in error, please delete it
immediately.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Steve Clark 
On 03/08/2017 05:52 AM, John Hodrien wrote:
> On Wed, 8 Mar 2017, Giles Coochey wrote:
>
>> Not really, Redhat/Centos has a lot to offer, but for me, networking is a 
>> one-time configuration, and the best way to configure it is using something 
>> that falls within this principle:
>>
>> https://en.wikipedia.org/wiki/KISS_principle
>>
>> I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
>> most), it is over-engineered for a server orientated distribution. I can run 
>> with the script above on 30 server instances, and it doesn't, as yet, break 
>> any of the other features of Centos that I enjoy.
> It means you're stuck in your own hand crafted niche.  Which is fine, but it's
> up to you to maintain the niche, or you find yourself using obsolete tools
> like ifconfig and route.
>
> I'd argue there's a gulf between keeping things simple and doing things your
> own way.
>
> jh

Yes it is really hard!

ip address add 192.168.0.1/24 dev enp0s25
ip route add default via 192.168.0.254 dev enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf




-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Andreas Benzler 
Certain application doesn't like the NetworkManager

for example take a look here.


https://www.rdoproject.org/install/quickstart/


And on server stage it's better to run without 
any complicate configuration tools.

Tools can make life harder in some cases.

Got many other distros run before centos, why not.

I personally like it slim and easy. 


Sincerely

Andy


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Steve Clark 
On 03/08/2017 05:43 AM, Giles Coochey wrote:
>
> On 08/03/17 10:38, John Hodrien wrote:
>> On Wed, 8 Mar 2017, Giles Coochey wrote:
>>
>>> ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
>>> route add default gw 192.168.0.254 enp0s25
>>> echo nameserver 8.8.8.8 > /etc/resolv.conf
>>> echo nameserver 8.8.4.4 >> /etc/resolv.conf
>> Oh okay, you really do want to back away from Redhat entirely. That's
>> entirely your choice.
>>
>> What you end up with if you take this approach widely is effectively
>> your own
>> linux distribution.
>>
> Not really, Redhat/Centos has a lot to offer, but for me, networking is 
> a one-time configuration, and the best way to configure it is using 
> something that falls within this principle:
I agree - they are trying to make it like windows, and when something doesn't 
work correctly you
have no clue what is going on in the black box!

> https://en.wikipedia.org/wiki/KISS_principle
>
> I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
> most), it is over-engineered for a server orientated distribution. I can 
> run with the script above on 30 server instances, and it doesn't, as 
> yet, break any of the other features of Centos that I enjoy.
>


-- 
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Andreas Benzler 
Hello James,

your right in that position. I will correct it.

Sincerely

Andy


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread James Hogarth 
On 8 March 2017 at 11:15, Alice Wonder  wrote:
> On 03/08/2017 01:57 AM, Giles Coochey wrote:
>>
>>
>>> The recommended configuration for EL7 is to use NetworkManager unless
>>> you have a very specific edge case preventing you from doing so:
>>>
>> The truth is a lot of us run servers that don't need to have their
>> network "managed" by Networkmanager.
>>
>
> My experience was very difficult going to 7.2 to 7.3 because of a change in
> the behavior of NetworkManager with respect to IPv6 but once I had it
> figured out (thanks to people on this list) it worked out quite well and I
> kept NetworkManager.
>
> But I certainly understand why some don't want to do that.


That's fine Alice (and I remember your issue well with the minimally
documented change to stable-privacy by default for new systems ...
argh I still need to write up a blog article about that) but in this
case the person concerned isn't even using the network service, which
if legacy and semi-deprecated is still supported, but just doing a
ridiculous and unsupportable mini script (I'm guessing from rc.local?)
which doesn't handle pretty much any actual networking issue that may
come up - eg failed/delayed interface.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Alice Wonder 

On 03/08/2017 01:57 AM, Giles Coochey wrote:



The recommended configuration for EL7 is to use NetworkManager unless
you have a very specific edge case preventing you from doing so:


The truth is a lot of us run servers that don't need to have their
network "managed" by Networkmanager.



My experience was very difficult going to 7.2 to 7.3 because of a change 
in the behavior of NetworkManager with respect to IPv6 but once I had it 
figured out (thanks to people on this list) it worked out quite well and 
I kept NetworkManager.


But I certainly understand why some don't want to do that.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 11:10, James Hogarth wrote:

On 8 March 2017 at 10:58, Giles Coochey  wrote:


On 08/03/17 10:52, John Hodrien wrote:


It means you're stuck in your own hand crafted niche.  Which is fine, but
it's
up to you to maintain the niche, or you find yourself using obsolete tools
like ifconfig and route.

I'd argue there's a gulf between keeping things simple and doing things
your
own way.


I'm sure there are drop in replacements for ifconfig and route, but even if
deprecated I have not needed to revisit that script for many years, so I'm
not changing it.
When it does eventually break I have to look at four lines to discover where
the problem might be, I can troubleshoot it by trying to run each line
manually and see what is going on.

When qw hit a bug in NetworkManager that breaks something specific that
you're doing then you can try to raise a bug with upstream, or you could try
to review the thousands of lines of code that make it up and try to fix the
problem yourself.

Or perhaps you'll do what I did, remove it and put in a 4 line script.



That's nice ... but what you've provided is terrible advice that
doesn't handle a wide range of scenarios such as teaming, bonding,
vlans, bridging, network interface changes, race conditions of things
dependent on networking or acting as part of the network.target or
network-online.target systemd units which declare when network is
ready ...

If you want to do something unsupportable in any sane environment that
is on you ... but really please don't suggest to those who don't know
better to carry out such activities.

I didn't suggest you use anything, you asked me what script I used, I 
gave you that information YMMV.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread James Hogarth 
On 8 March 2017 at 10:58, Giles Coochey  wrote:
>
>
> On 08/03/17 10:52, John Hodrien wrote:
>>
>>
>> It means you're stuck in your own hand crafted niche.  Which is fine, but
>> it's
>> up to you to maintain the niche, or you find yourself using obsolete tools
>> like ifconfig and route.
>>
>> I'd argue there's a gulf between keeping things simple and doing things
>> your
>> own way.
>>
> I'm sure there are drop in replacements for ifconfig and route, but even if
> deprecated I have not needed to revisit that script for many years, so I'm
> not changing it.
> When it does eventually break I have to look at four lines to discover where
> the problem might be, I can troubleshoot it by trying to run each line
> manually and see what is going on.
>
> When qw hit a bug in NetworkManager that breaks something specific that
> you're doing then you can try to raise a bug with upstream, or you could try
> to review the thousands of lines of code that make it up and try to fix the
> problem yourself.
>
> Or perhaps you'll do what I did, remove it and put in a 4 line script.
>


That's nice ... but what you've provided is terrible advice that
doesn't handle a wide range of scenarios such as teaming, bonding,
vlans, bridging, network interface changes, race conditions of things
dependent on networking or acting as part of the network.target or
network-online.target systemd units which declare when network is
ready ...

If you want to do something unsupportable in any sane environment that
is on you ... but really please don't suggest to those who don't know
better to carry out such activities.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 10:52, John Hodrien wrote:


It means you're stuck in your own hand crafted niche.  Which is fine, 
but it's
up to you to maintain the niche, or you find yourself using obsolete 
tools

like ifconfig and route.

I'd argue there's a gulf between keeping things simple and doing 
things your

own way.

I'm sure there are drop in replacements for ifconfig and route, but even 
if deprecated I have not needed to revisit that script for many years, 
so I'm not changing it.
When it does eventually break I have to look at four lines to discover 
where the problem might be, I can troubleshoot it by trying to run each 
line manually and see what is going on.


When qw hit a bug in NetworkManager that breaks something specific that 
you're doing then you can try to raise a bug with upstream, or you could 
try to review the thousands of lines of code that make it up and try to 
fix the problem yourself.


Or perhaps you'll do what I did, remove it and put in a 4 line script.

--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread John Hodrien 

On Wed, 8 Mar 2017, Giles Coochey wrote:

Not really, Redhat/Centos has a lot to offer, but for me, networking is a 
one-time configuration, and the best way to configure it is using something 
that falls within this principle:


https://en.wikipedia.org/wiki/KISS_principle

I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
most), it is over-engineered for a server orientated distribution. I can run 
with the script above on 30 server instances, and it doesn't, as yet, break 
any of the other features of Centos that I enjoy.


It means you're stuck in your own hand crafted niche.  Which is fine, but it's
up to you to maintain the niche, or you find yourself using obsolete tools
like ifconfig and route.

I'd argue there's a gulf between keeping things simple and doing things your
own way.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 10:38, John Hodrien wrote:

On Wed, 8 Mar 2017, Giles Coochey wrote:


ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254 enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf


Oh okay, you really do want to back away from Redhat entirely. That's
entirely your choice.

What you end up with if you take this approach widely is effectively
your own
linux distribution.

Not really, Redhat/Centos has a lot to offer, but for me, networking is 
a one-time configuration, and the best way to configure it is using 
something that falls within this principle:


https://en.wikipedia.org/wiki/KISS_principle

I'm not flaming NetworkManager, I'm just stating that for many (perhaps 
most), it is over-engineered for a server orientated distribution. I can 
run with the script above on 30 server instances, and it doesn't, as 
yet, break any of the other features of Centos that I enjoy.


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread John Hodrien 

On Wed, 8 Mar 2017, Giles Coochey wrote:


ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254 enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf


Oh okay, you really do want to back away from Redhat entirely.  That's
entirely your choice.

What you end up with if you take this approach widely is effectively your own
linux distribution.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



On 08/03/17 10:15, John Hodrien wrote:

On Wed, 8 Mar 2017, Giles Coochey wrote:

The truth is a lot of us run servers that don't need to have their 
network

"managed" by Networkmanager.


You're opting to have your network managed by a bunch of unloved legacy
scripts that you're advised to avoid using unless necessary, or you've 
having
it managed by NetworkManager.  If you want to have it managing it this 
way,

you'll be writing your own scripts.

We just need to set an IP address, subnet mask, gateway, and DNS 
servers and we will never be changing that configuration ever again 
for the entire life of the server.
Any 3-4 line script that does the job is sufficient, servers don't 
need gimmicks, they're not going to be hotspotting on wireless 
networks, the cable goes in, the server enters production and that's it!


By 3-4 line script, I assume you mean the content of all the files in
/etc/sysconfig/network-scripts that aren't your ifcfg files?


ifconfig enp0s25 192.168.0.1 netmask 255.255.255.0
route add default gw 192.168.0.254 enp0s25
echo nameserver 8.8.8.8 > /etc/resolv.conf
echo nameserver 8.8.4.4 >> /etc/resolv.conf

--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread John Hodrien 

On Wed, 8 Mar 2017, Giles Coochey wrote:


The truth is a lot of us run servers that don't need to have their network
"managed" by Networkmanager.


You're opting to have your network managed by a bunch of unloved legacy
scripts that you're advised to avoid using unless necessary, or you've having
it managed by NetworkManager.  If you want to have it managing it this way,
you'll be writing your own scripts.

We just need to set an IP address, subnet mask, gateway, and DNS servers and 
we will never be changing that configuration ever again for the entire life 
of the server.
Any 3-4 line script that does the job is sufficient, servers don't need 
gimmicks, they're not going to be hotspotting on wireless networks, the cable 
goes in, the server enters production and that's it!


By 3-4 line script, I assume you mean the content of all the files in
/etc/sysconfig/network-scripts that aren't your ifcfg files?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread Giles Coochey 



The recommended configuration for EL7 is to use NetworkManager unless
you have a very specific edge case preventing you from doing so:

The truth is a lot of us run servers that don't need to have their 
network "managed" by Networkmanager.


We just need to set an IP address, subnet mask, gateway, and DNS servers 
and we will never be changing that configuration ever again for the 
entire life of the server.
Any 3-4 line script that does the job is sufficient, servers don't need 
gimmicks, they're not going to be hotspotting on wireless networks, the 
cable goes in, the server enters production and that's it!


--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] From Networkmanager to self managed configuration files

2017-03-08 Thread James Hogarth 
On 8 March 2017 at 06:56, Andreas Benzler  wrote:
> Hello Guys,
>
> update my post, because of a route from ipv6 on same networkcard,
> with only ipv4 enabled
>
> Sincerely
>
> Andy
>
>

Please accept this as honest constructive criticism from someone who
also likes to blog.

On EL7 this is really bad advice:

> systemctl stop NetworkManager; systemctl disable NetworkManager; systemctl 
> mask NetworkManager

You may be interested in this article of mine:
https://www.hogarthuk.com/?q=node/8

The recommended configuration for EL7 is to use NetworkManager unless
you have a very specific edge case preventing you from doing so:

https://access.redhat.com/solutions/783533

The legacy network service is in effect deprecated, like net-tools
was, as no new features are being released for it and no RFE's are
being accepted. All future work is on NetworkManager.

Note as well this article was last updated in 2014 - NetworkManager
has been updated to handle more use cases than back then.

As always it's best to check with the upstream documentation:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/index.html

Finally there was nothing to do with IPv6 in your article.

That address was an IPv4 address and the zeroconf stuff configures the
169.254.0.0/16 network as a 'local link' network on that interface.

If it was IPv6 it would have an address like
fe80::33bb:5a14:be57:1690/64 ... which is an IPv6 link local address.

Regards,

James
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos